-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Jun 2016 17:03:02 +0200
Source: python2.7
Binary: python2.7 python2.7-minimal libpython2.7 python2.7-examples python2.7-dev idle-python2.7 python2.7-doc python2.7-dbg
Architecture: source all i386
Version: 2.7.3-6+deb7u3
Distribution: wheezy-security
Urgency: low
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 idle-python2.7 - IDE for Python (v2.7) using Tkinter
 libpython2.7 - Shared Python runtime library (version 2.7)
 python2.7 - Interactive high-level object-oriented language (version 2.7)
 python2.7-dbg - Debug Build of the Python Interpreter (version 2.7)
 python2.7-dev - Header files and a static library for Python (v2.7)
 python2.7-doc - Documentation for the high-level object-oriented language Python
 python2.7-examples - Examples for the Python language (v2.7)
 python2.7-minimal - Minimal subset of the Python language (version 2.7)
Changes:
 python2.7 (2.7.3-6+deb7u3) wheezy-security; urgency=low
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2016-0772
     A vulnerability in smtplib allowing MITM attacker to perform a
     startTLS stripping attack. smtplib does not seem to raise an
     exception when the remote end (smtp server) is capable of
     negotiating starttls but fails to respond with 220 (ok) to an
     explicit call of SMTP.starttls(). This may allow a malicious
     MITM to perform a startTLS stripping attack if the client code
     does not explicitly check the response code for startTLS.
   * CVE-2016-5636
     Issue #26171: Fix possible integer overflow and heap corruption
     in zipimporter.get_data().
   * CVE-2016-5699
     Protocol injection can occur not only if an application sets a
     header based on user-supplied values, but also if the application
     ever tries to fetch a URL specified by an attacker (SSRF case) OR
     if the application ever accesses any malicious web server
     (redirection case).
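The explicit response-code check that the CVE-2016-0772 entry says client code needed, as an added example (not part of this upload or of smtplib itself), written for Python 3's smtplib. `require_starttls`, `StartTLSStripped` and the constructed `FakeUnfixedSession` are hypothetical names used for illustration.

```python
import smtplib
import ssl


class StartTLSStripped(Exception):
    """The session could not be upgraded to TLS; nothing may be sent."""


def require_starttls(smtp, context=None):
    """Upgrade an smtplib.SMTP-like session to TLS or raise."""
    smtp.ehlo_or_helo_if_needed()
    if not smtp.has_extn("starttls"):
        raise StartTLSStripped("STARTTLS not advertised")
    try:
        code, reply = smtp.starttls(
            context=context or ssl.create_default_context())
    except smtplib.SMTPException as exc:  # fixed smtplib raises on non-220
        raise StartTLSStripped("STARTTLS failed: %r" % (exc,))
    if code != 220:  # unfixed smtplib returns the refusal without raising
        raise StartTLSStripped("STARTTLS answered %d %r" % (code, reply))
    if not isinstance(smtp.sock, ssl.SSLSocket):
        raise StartTLSStripped("socket is still cleartext")
    smtp.ehlo()  # capabilities must be re-read over the TLS channel
    return code


class FakeUnfixedSession(object):
    """Constructed stand-in: advertises STARTTLS, then a MITM answers 454."""
    sock = object()  # plain, unwrapped "socket"

    def ehlo_or_helo_if_needed(self):
        pass

    def has_extn(self, name):
        return name.lower() == "starttls"

    def starttls(self, context=None):
        # Returns the refusal instead of raising: the behaviour the CVE describes.
        return (454, b"TLS not available")


def demo():
    """Run the check against the constructed session and report the outcome."""
    try:
        require_starttls(FakeUnfixedSession())
    except StartTLSStripped as exc:
        return str(exc)
    return "continued in cleartext"
```

Call `require_starttls(smtp)` before `login()` or `sendmail()`, so a refused or missing upgrade aborts the session instead of sending credentials in cleartext.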